wombatu-kun commented on code in PR #16660:
URL: https://github.com/apache/iceberg/pull/16660#discussion_r3400998712


##########
.github/workflows/cve-scan.yml:
##########
@@ -51,6 +51,11 @@ jobs:
   # ------------------------------------------------------------------
   cve-scan:
     runs-on: ubuntu-24.04
+    env:
+      # Trivy scanner image, pinned by digest (matches 
lhotari/sandboxed-trivy-action's
+      # default at the pinned ref). Pre-pulled with retry below to absorb 
transient Docker
+      # Hub (registry-1.docker.io) timeouts that otherwise fail the job with 
exit code 125.
+      TRIVY_IMAGE: 
aquasec/trivy:0.69.3@sha256:bcc376de8d77cfe086a917230e818dc9f8528e3c852f7b1aff648949b6258d1c
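Review bot: The `TRIVY_IMAGE` value in the new `env:` block duplicates a digest that, per its own comment, has to match the default of lhotari/sandboxed-trivy-action at the pinned ref, and nothing visible here keeps the two in sync. If the action ref is bumped without updating this line, the pre-pull with retry warms an image the scan step no longer uses, and the scan goes back to a single unretried pull from Docker Hub. Consider passing `TRIVY_IMAGE` to the action explicitly if it exposes an input for the scanner image, or extend the comment to say that this value must be updated together with the action ref. The tag `0.69.3` is informational once a digest is present, so it also needs to be changed by hand whenever the digest changes to avoid a misleading version label.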

Review Comment:
   Thanks for the review. I'd considered ghcr as well while working on this 
fix, but was hesitant to propose switching the registry myself. Glad you raised 
it, and I fully support the switch.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]